Register Login

sloganpng

top title background image

2JdUSu8jxO.exe

Status: finished

Submission Time: 2020-07-31 13:47:54 +02:00

Malicious

Trojan

Adware

Spyware

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
255341
API (Web) ID:
405991
Analysis Started:

2020-07-31 22:12:11 +02:00
Analysis Finished:

2020-07-31 22:27:39 +02:00
MD5:
5660db4d39e1c2a7887c2b26c2f70f9b
SHA1:
656e494c33580a04d6ad08749a3f90fb7d4bb131
SHA256:
322246ebcd55123f8d11816a45dde9ef1b0b041ab306fce78af896a04052e6c8
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 88	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name	Detection
http://crl.micrW=G/t%

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Roaming\HBWELB\HBWELB.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HJdyTuap.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\s.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 3 hidden entries
C:\Users\user\s.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HBWELB.exe.log	ASCII text, with CRLF line terminators	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#